Answer-first summary for fast verification
Answer: Use a key management service (KMS) that supports automatic key rotation and seamlessly re-encrypts data with new keys without downtime.
Using a key management service (KMS) that supports automatic key rotation is the most efficient and secure strategy for ensuring encryption key rotation for dynamic datasets in a lakehouse environment. This approach ensures that encryption keys are regularly rotated according to best practices without manual intervention, reducing the risk of data exposure. Additionally, it allows for seamless re-encryption of data with new keys without causing downtime, maintaining data availability and integrity. This method is scalable, efficient, and complies with industry standards and compliance requirements, making it the optimal choice for managing encryption keys in a dynamic lakehouse setting.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a lakehouse environment where datasets are continuously updated, what is the best strategy for rotating encryption keys without affecting data availability or integrity?
A
Implement an application-layer solution that gradually re-encrypts data with new keys over time, tracking encryption status in a metadata store.
B
Use a key management service (KMS) that supports automatic key rotation and seamlessly re-encrypts data with new keys without downtime.
C
Manually rotate encryption keys yearly, re-encrypting all data overnight during low-usage periods to minimize impact.
D
Establish a routine process where new data is encrypted with a new key while old data remains with the legacy key until it is phased out or re-encrypted during scheduled maintenance.
No comments yet.